آسیب پذیری XSS[php]
[/php]
کد:
Overall: # Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront 3.6.14.4 # Date: 05 June 2014 # Exploit Author: shyamkumar somana # Vendor Homepage: http://www.efrontlearning.net # Software Link: https://sourceforge.net/projects/efrontlearning/files/latest/download # Version: 3.6.14.4 # Tested on: Windows 7 * ################################################# eFront 3.6.14.4 is vulnerable for a Persistent Cross Site Scripting Vulnerability. The vulnerability affects 'surname' parameter(Last Name Field) while updating the account details. * Vendor has supplied a workaround for the vulnerability which can be found at * https://github.com/epignosis/efront_open_source/issues/5 * #################################################